Vertex AI endpoint is public
Description
This policy checks that the Vertex AI endpoint is private. A public endpoint is reachable by anyone on the internet, which increases the risk of unauthorized access and data breaches. Keeping the endpoint private helps safeguard sensitive data and reduces exposure to these threats.
Code Example
```hcl
resource "google_vertex_ai_endpoint" "example" {
  ...
  network = google_service_networking_connection.private_vpc_connection.id
}
```
Remediation
Terraform
- Resource: google_vertex_ai_endpoint
- Arguments: network
To fix this issue, attach a network to your Vertex AI endpoint by setting the network argument. This keeps the endpoint private and not exposed to the public internet.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1018 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_33 |
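
The same condition can be checked against a Terraform plan in CI. The following is an added example, not Checkov's implementation of this rule: it scans the `resource_changes` of `terraform show -json` output for `google_vertex_ai_endpoint` resources that end up without `network`. The plan excerpt is constructed, the function name is hypothetical, and treating a value only known after apply as set is this example's choice.

```python
import json

# Constructed excerpt of `terraform show -json` output (resource_changes only).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
    {"address": "google_vertex_ai_endpoint.public",
     "type": "google_vertex_ai_endpoint",
     "change": {"actions": ["create"], "after": {"network": null},
                "after_unknown": {"id": true}}},
    {"address": "google_vertex_ai_endpoint.peered",
     "type": "google_vertex_ai_endpoint",
     "change": {"actions": ["create"], "after_unknown": {"id": true},
                "after": {"network": "projects/123456789/global/networks/example-vpc"}}},
    {"address": "module.ml.google_vertex_ai_endpoint.computed",
     "type": "google_vertex_ai_endpoint",
     "change": {"actions": ["create"], "after": {},
                "after_unknown": {"id": true, "network": true}}},
    {"address": "google_vertex_ai_endpoint.retired",
     "type": "google_vertex_ai_endpoint",
     "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")


def endpoints_without_network(plan):
    """Return addresses of Vertex AI endpoints the plan leaves without `network`."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_vertex_ai_endpoint":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing left to expose
            continue
        # A value only known after apply is absent from `after` and flagged in
        # `after_unknown`; treat it as set rather than reporting a false positive.
        if (change.get("after_unknown") or {}).get("network") is True:
            continue
        if not after.get("network"):  # missing, null, or empty string
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in endpoints_without_network(SAMPLE_PLAN):
        print(f"FAIL {address}: no network attached")
```
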